Apply nginx rate limits to certain IP addresses, and another rate limit to others

stuwat nginx-forum at forum.nginx.org
Mon Oct 30 13:46:13 UTC 2017


In our Nginx config we currently have this:-

limit_req_zone $binary_remote_addr zone=two:10m rate=15r/m;
limit_req zone=two burst=5 nodelay;

Now we want to change this so that this rate limit applies to certain IP
addresses, and then have another rate limit that applies to others that is
slightly less restrictive.

geo $limited_net {
    default      0;
    111.222.333.444  1;
}

map $limited_net $addr_to_limit {
    0  "";
    1  $binary_remote_addr;  
}

limit_req_zone  $addr_to_limit  zone=two:10m  rate=15r/m;


geo $less_limited_net {
    default      1;
    111.222.333.444  0;
}

map $less_limited_net $addr_to_limit_less {
    0  "";
    1  $binary_remote_addr;
}

limit_req_zone  $addr_to_limit_less  zone=three:10m  rate=25r/m;

So the traffic from the IP 111.222.333.444 will be affected by the rate 1st
more restrictive rate limit, and not by the second less restrictive one.

Does this give me what I want?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,277126,277126#msg-277126



More information about the nginx mailing list